If you ever suspect you got spam from yendor.com, please look at the spam headers. In particular look at the outermost 'Received' line. In that line, find the IP that actually delivered the email to your own mail server.
The real yendor.com never spams. Period.
Was the email really sent via one of the approved IPs of *.yendor.com?
If not, the 'yendor.com' in the 'From: ' line is almost certainly fake.
Spammers very often fake their 'From: ' lines so that rejected emails don't take up their bandwidth and CPU resources. Spammers are only interested in positive responses. They want gullible people to follow their links or open their attachments, or fetch their web-beacons (so they can figure out who actually opened their spams). The rejected/bounced emails are mostly useless to them because there are better, more efficient ways for cleaning-up mailing lists, than sending emails from a legitimate and verified sender and checking if they bounce back to that sender.
In fact, many ISPs shut-down accounts when they get too many bounces into them (implying that spam may have originated from them).
The problem is with the ISPs or anti-spam "solution" providers who trust spams, and are too quick to blackhole entire swaths of the net, just because a spammer used a (fake) domain in the 'From: ' line. comcast.com is notorious for being one of the worst. When we send email from yendor.com to a comcast.com address, it is often dropped by Comcast without giving us any notice that something went wrong.
For this reason, yendor.com publishes a SPF (Sender Policy Framework) record in DNS.
SPF is an open internet standard designed to counter email sender fakes and forgeries.
Put simply, any email service provider receiving email from yendor.com can easily verify, by using a quick DNS lookup, whether that email is really from yendor.com or from a spammer claiming to be yendor.com (i.e. a fake). eMail from yendor.com can only come from a handful of IP addresses on the net (all these outgoing emails are SMTP authenticated, using established credentials/passwords over an encrypted channel).
If an email comes from anywhere else, it is not really from yendor.com.
Here's our SPF record (broken into multiple lines for readability):
$ dig yendor.com TXT ... yendor.com. 14400 IN TXT "v=spf1 a a:mail.yendor.com ip4:126.96.36.199/18 ip4:188.8.131.52/17 ip4:184.108.40.206/24 ip4:220.127.116.11/24 ip4:18.104.22.168/24 mx ~all"
Want to learn more? You may build your own domain's SPF DNS record, using the official SPF wizard.
If you're looking for a more sophisticated standard, using cryptography to ensure email authenticity, and supporting relaying, check out Yahoo!'s DomainKeys open standard.
On a slightly related note:
yendor.com receives between 10,000 to 20,000 spams/day. We see practically none of them thanks to our extensive use of honeypots.
We've elected to accept all spam, rather than drop it, because each spammer who spams our honeypots volunteers valuable information to us. The spam-detection method is straight-forward: We capture the spam received by all honeypots and analyze it in real time. We extract multiple signatures from the messages which are guaranteed to be spam (since they were sent to honeypots). We then apply the analysis, for a limited time, to all incoming email. As a result, spammers who spam yendor.com to the tune of the over 10,000-20,000 messages/day are completely wasting their time and resources.
bfDon't dare Contacting this address